Already have Single Sign-On configured and looking to control user and role provisioning or make Single Sign-On mandatory? Jump to this article to learn more.
Step 1: Create a PingOne Application
Log into https://admin.pingone.com with your administrative account. Navigate to the applications section, and click Add Application, New SAML Application.
Fill out the Application Name and Description, then Continue.
Step 2: Configure the PingOne Application
You'll then need to configure the PingOne connection to Red Canary's SAML service provider.
- Set Assertion Consumer Service (ACS) to https://<your_domain>.my.redcanary.co/saml_sp/consume
- Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
- Upload Red Canary's SAML signing certificate as the Primary Verification Certificate. Download the certificate here.
Click Continue to Next Step.
Map the Email Application Attribute to the Email Identity Bridge Attribute.
Click Save and Publish.
Step 3: Prepare to configure Red Canary
Download your SAML Metadata. This file contains your Entity ID, Identity Provider SLO Target URL, and Identity Provider X509 signing certificate.
Step 4: Configure Red Canary
Head over to your Red Canary portal and navigate to Administration > Single Sign-On.
- Convert the Identity Provider X509 signing certificate you downloaded to Base64 and paste the text contents into the Identity Provider X509 Cert field
- Set Identity Provider SSO Target URL to the PingOne application's Initiate Single Sign-On (SSO) URL
- Set Identify Provider SLO Target URL to https://sso.connect.pingidentity.com/sso/SLO.saml2
- Set Identity Provider Entity ID to the https://pingone.com/idp/<customer>
- Set Email Attribute to Email
Check This SSO configuration should be active and click Save Configuration.
That's it! Setting up SAML can be a giant pain in the butt, so if you have any issues, email us at firstname.lastname@example.org.